Periodic Reporting for period 1 - SEPTON (SECURITY PROTECTION TOOLS FOR NETWORKED MEDICAL DEVICES)
Période du rapport: 2022-12-01 au 2024-05-31
SEPTON aims to address the gap in generic technologies and processes referring to the IT network infrastructure with a holistic approach towards reinforcing networked medical devices (NMDs) security within healthcare premises. SEPTON will advance cutting-edge solutions in healthcare cybersecurity, focusing on NMDs & will result in a comprehensive cybersecurity toolkit providing tools & mechanisms to be used in hospitals & care centres for a) NMDs protection, including wearable devices & implants, with techniques such as polymorphism, b) secure & privacy preserving data exchanges between NMDs, using blockchain, differential privacy and encryption, c) behavioural anomaly detection, using a cybersecurity analytics framework coupled with ML & hardware acceleration, to increase performance and d) NMD vulnerability assessment. The usability of the solutions will be tested in a realistic setup via pilots, facilitated by a healthcare organisation & a medical device manufacturer.
During this period SEPTON worked to review the current standards and practices in Networked Medical Devices, with the aim to assess the existing landscape, identify challenges, and propose recommendations to enhance the safety, security, and interoperability of networked medical devices - focusing on Standardization, Interoperability, Cybersecurity, Data Privacy and the Regulatory Framework. The use cases that will support the validation and demonstration of the individual techniques that comprise the SEPTON toolkit were formulated (4 use cases covering techniques starting from securing implants and wearables, progressing to the protection of a Hospital Network infrastructure and expanding to exchanges among different medical organizations), and a set of functional and non-functional user & technical requirements were elicited. First functional versions (alpha versions) of the techniques were designed and developed within the period, which specifically includes 4 device-level protection tools (implant security based on dynamic biometrics, vulnerability assessment, device V&V tool, IoT end-point protection), 5 data-exchange and infrastructure level protection tools (blockchain-based data exchanges, threat information exchanges, anomaly detection, Hardware acceleration, differential privacy) and one visualization tool (SEPTON dashboard). In addition, the legal and ethical framework that governs the activities of the project was examined to ensure compliance and a data management plan and relevant processes were developed. Towards impact creation, the project has established its website and social media channels, a Zenodo community and a GitHub channel to facilitate the dissemination of project news and results to relevant scientific community and other stakeholders. SEPTON has also developed a plan for communication, dissemination and exploitation as foreseen and also initial dissemination materials.
The project has delivered the following innovative results:
A comprehensive up-to-date scientific review of current standards and practices in the field of Networked Medical Devices and a set of use cases related to the protection of networked medical devices. SEPTON has also designed and developed the first functional versions (alpha versions) of 4 device-level protection tools (implant security based on dynamic biometrics, vulnerability assessment, device V&V tool, IoT end-point protection), 5 data-exchange and infrastructure level protection tools (blockchain-based data exchanges, threat information exchanges, anomaly detection, Hardware acceleration, differential privacy) and one visualization tool (SEPTON dashboard).
The envisaged impact of SEPTON includes:
- Management of cybersecurity information sources; more effective vulnerability remediation, enhanced prevention and detection; reducing the impact of incidents, increasing the level of awareness and preparedness for the domain of networked medical devices
-Improving the innovation capacity and fostering the integration of new knowledge
-Offering competitive advantages for key stakeholders (medical device manufacturers, vendors, SMEs, cybersecurity agencies)
-Bringing clear benefits to the society.
A comprehensive up-to-date scientific review of current standards and practices in the field of Networked Medical Devices and a set of use cases related to the protection of networked medical devices. SEPTON has also designed and developed the first functional versions (alpha versions) of 4 device-level protection tools (implant security based on dynamic biometrics, vulnerability assessment, device V&V tool, IoT end-point protection), 5 data-exchange and infrastructure level protection tools (blockchain-based data exchanges, threat information exchanges, anomaly detection, Hardware acceleration, differential privacy) and one visualization tool (SEPTON dashboard).
The envisaged impact of SEPTON includes:
- Management of cybersecurity information sources; more effective vulnerability remediation, enhanced prevention and detection; reducing the impact of incidents, increasing the level of awareness and preparedness for the domain of networked medical devices
-Improving the innovation capacity and fostering the integration of new knowledge
-Offering competitive advantages for key stakeholders (medical device manufacturers, vendors, SMEs, cybersecurity agencies)
-Bringing clear benefits to the society.